EnterYourHours.com Information Security Policy

Purpose

Enter Your Hours, LLC depends on its computers, data, and information processing capabilities to provide constant, reliable service to our customers. Every employee is made aware of the security risks and must act in a way that protects the integrity of our data systems. This policy outlines the security structures used to maintain that integrity.

Scope

This policy applies to all employees and customers of Enter Your Hours, LLC as well as data center support staff. The policy is also applicable to all software, databases and structures developed for EnterYourHours.com.

Responsibility for Computer Security The security contact is responsible for ensuring that the company has adequate computer security and that this policy is observed. Each Enter Your Hours, LLC and data center employee are responsible for protection of our assets, including computers and data. Employees should notify the security contact whenever he or she sees actions that seem to go against this policy.

Security Roles

  1. Administrative – Only the company CIO, system administrator and data center support staff, on a permission basis, will have full administrator rights.
  2. Developer – Developers will be limited to FTP and SQL Server access only for databases and websites that the developer is currently working on. Once a developer is no longer with the company, all passwords to which the developer had access will be changed.
  3. Client – Customer access is limited to software or service use only, and only for that customer’s account.

Confidentiality

All Enter Your Hours, LLC developers are required to sign a confidentiality agreement and must adhere to the strict security standards outlined in the agreement. No employee shall divulge company or client information to outsiders.

Computer Location and Facilities

The Enter Your Hours, LLC application and website servers are housed offsite in a secure data center. Closed Circuit Television (CCTV), personalized access cards and highly secure man traps ensure only authorized personnel have facility access. All door access is monitored, recorded and time stamped on an individual card basis. The Network Operations Center (NOC) is manned 24 hours a day, 7 days a week and security officers are present in all locations round-the-clock.

Firewall

Only the company CIO and system administrator are authorized to make changes to the server firewall. A Juniper firewall limits all traffic except that which is specifically allowed on a per-need basis. Juniper has a solid track record of delivering best-in-class networking and security products

Sanctions

All security incidents, actual or suspected, shall be documented by the security contact and will be addressed immediately. Any violators that have access to the data system will promptly have their access privileges revoked. This includes offending Enter Your Hours, LLC employees and, when appropriate, customers and their employees. The security contact will also adjust security procedures if needed to prevent future incidents.

Security Policy Updates

A yearly review of the Enter Your Hours, LLC security policy will be made to keep in step with the evolving needs, and with changes in local personnel and the external environment.

Contacts

Actual or suspected security incidents should be reported promptly to the security contact:

Carlos Zapata
Chief Information Officer
Enter Your Hours, LLC
Phone: 866-456-9326 ext 715
Email: czapata@enteryourhours.com